Ransomware gangs increasingly use stolen data as weapons

Ransomware gangs increasingly use stolen data as weapons

Ransomware gangs increasingly use stolen data as weapons

Cybercriminals are using the personal data of company employees and even “illegal business activities” to put more pressure on victims.

New research has shown that ransomware gangs are turning to new methods to pressure their victims into paying a ransom.

According to Sophos Tightening the screws: the pressure tactics of ransomware gangs In the report, released today (August 6), cybercriminals often leverage stolen data to further blackmail their victims.

Not content with simply threatening to publish the data, gangs are increasingly using the data against ransomware victims. In one case, a gang found evidence that an employee was searching the Internet for child sexual abuse material, after which they threatened to turn the information over to law enforcement authorities.

In another, a ransomware gang shared the personal data of a company CEO’s daughter.

Some gangs also openly criticize companies for their poor responses to ransomware incidents, while others openly encourage a victim’s employees to seek compensation after being exposed online.

“In December 2023, in the wake of the MGM casino breach, Sophos began to take note of the propensity of ransomware gangs to turn the media into a tool they can use not only to increase pressure on their victims but also to take control of the narrative and change the situation. blame. “We are also seeing gangs pointing fingers at business leaders they consider the companies they target ‘responsible’ for the ransomware attack,” said Christopher Budd, director of threat research at Sophos, in a statement.

“In one post we found, the attackers posted a photo of a business owner with devil horns, along with his social security number. In a different post, the attackers encouraged employees to seek “compensation” from their company and, in other cases, threatened to notify customers, partners and competitors about data breaches. These efforts create a lightning rod for blame, increasing pressure on companies to pay and potentially exacerbating the reputational damage of an attack.”

Ransomware operators are also increasingly using particularly sensitive data to extort victims, such as mental health records or even children’s medical data. Some have even threatened to specifically expose “images of naked patients” if the ransom is not paid.

“Ransomware gangs are becoming increasingly invasive and bold in how and what they weaponize. To compound the pressure on companies, they are not only stealing data and threatening to leak it, they are actively analyzing it for ways to maximize damage and create new extortion opportunities,” Budd said.

“This means that organizations not only have to worry about corporate espionage and the loss of trade secrets or illegal employee activity, but also about these issues in combination with cyberattacks.”

You can read the full report here.

Leave a Reply

Your email address will not be published. Required fields are marked *